Move the remaining CheckedNumeric logic out of the macro

base/numerics/safe_math_impl.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_NUMERICS_SAFE_MATH_IMPL_H_
 #define BASE_NUMERICS_SAFE_MATH_IMPL_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 111 matching lines @@
   return !!(static_cast<typename UnsignedIntegerForSize<T>::type>(x) >>
             PositionOfSignBit<T>::value);
 }
 
 // This wrapper undoes the standard integer promotions.
 template <typename T>
 constexpr T BinaryComplement(T x) {
   return static_cast<T>(~x);
 }
 
-// Return if a numeric value is negative regardless of type.
-template <typename T,
-          typename std::enable_if<std::is_arithmetic<T>::value &&
-                                  std::is_signed<T>::value>::type* = nullptr>
-constexpr bool IsNegative(T x) {
-  return x < 0;
-}
-
-template <typename T,
-          typename std::enable_if<std::is_arithmetic<T>::value &&
-                                  !std::is_signed<T>::value>::type* = nullptr>
-constexpr bool IsNegative(T x) {
-  return false;
-}
-
 enum ArithmeticPromotionCategory {
   LEFT_PROMOTION,          // Use the type of the left-hand argument.
   RIGHT_PROMOTION,         // Use the type of the right-hand argument.
   MAX_EXPONENT_PROMOTION,  // Use the type supporting the largest exponent.
   BIG_ENOUGH_PROMOTION     // Attempt to find a big enough type.
 };
 
 template <ArithmeticPromotionCategory Promotion,
           typename Lhs,
           typename Rhs = Lhs>
@@ skipping 49 matching lines @@
   static const bool is_contained = true;
 };
 
 // No type is large enough.
 template <typename Lhs, typename Rhs>
 struct BigEnoughPromotion<Lhs, Rhs, true, false> {
   using type = typename MaxExponentPromotion<Lhs, Rhs>::type;
   static const bool is_contained = false;
 };
 
-// These are the four supported promotion types.
-
-// Use the type of the left-hand argument.
-template <typename Lhs, typename Rhs>
-struct ArithmeticPromotion<LEFT_PROMOTION, Lhs, Rhs> {
-  using type = Lhs;
-  static const bool is_contained = true;
-};
-
-// Use the type of the right-hand argument.
-template <typename Lhs, typename Rhs>
-struct ArithmeticPromotion<RIGHT_PROMOTION, Lhs, Rhs> {
-  using type = Rhs;
-  static const bool is_contained = true;
-};
+// These are the supported promotion types.
 
 // Use the type supporting the largest exponent.
 template <typename Lhs, typename Rhs>
 struct ArithmeticPromotion<MAX_EXPONENT_PROMOTION, Lhs, Rhs> {
   using type = typename MaxExponentPromotion<Lhs, Rhs>::type;
   static const bool is_contained = true;
 };
 
 // Attempt to find a big enough type.
 template <typename Lhs, typename Rhs>
@@ skipping 42 matching lines @@
   *result = static_cast<T>(uresult);
   // Addition is valid if the sign of (x + y) is equal to either that of x or
   // that of y.
   return (std::numeric_limits<T>::is_signed)
              ? HasSignBit(BinaryComplement(
                    static_cast<UnsignedDst>((uresult ^ ux) & (uresult ^ uy))))
              : (BinaryComplement(x) >=
                 y);  // Unsigned is either valid or underflow.
 }
 
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedAdd(T x, U y, V* result) {
+template <typename T, typename U, class Enable = void>
+struct CheckedAdd {};
+
+template <typename T, typename U>
+struct CheckedAdd<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type =
+      typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;
+  template <typename V>
+  static bool Op(T x, U y, V* result) {
 #if USE_OVERFLOW_BUILTINS
-  return !__builtin_add_overflow(x, y, result);
+    return !__builtin_add_overflow(x, y, result);
 #else
-  using Promotion =
-      typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
-  Promotion presult;
-  // Fail if either operand is out of range for the promoted type.
-  // TODO(jschuh): This could be made to work for a broader range of values.
-  bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
-                  IsValueInRangeForNumericType<Promotion>(y);
+    using Promotion =
+        typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
+    Promotion presult;
+    // Fail if either operand is out of range for the promoted type.
+    // TODO(jschuh): This could be made to work for a broader range of values.
+    bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
+                    IsValueInRangeForNumericType<Promotion>(y);
 
-  if (IsIntegerArithmeticSafe<Promotion, U, V>::value) {
-    presult = static_cast<Promotion>(x) + static_cast<Promotion>(y);
-  } else {
-    is_valid &= CheckedAddImpl(static_cast<Promotion>(x),
-                               static_cast<Promotion>(y), &presult);
+    if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+      presult = static_cast<Promotion>(x) + static_cast<Promotion>(y);
+    } else {
+      is_valid &= CheckedAddImpl(static_cast<Promotion>(x),
+                                 static_cast<Promotion>(y), &presult);
+    }
+    *result = static_cast<V>(presult);
+    return is_valid && IsValueInRangeForNumericType<V>(presult);
+#endif
   }
-  *result = static_cast<V>(presult);
-  return is_valid && IsValueInRangeForNumericType<V>(presult);
-#endif
-}
+};
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer, bool>::type
 CheckedSubImpl(T x, T y, T* result) {
   // Since the value of x+y is undefined if we have a signed type, we compute
   // it using the unsigned type of the same size.
   typedef typename UnsignedIntegerForSize<T>::type UnsignedDst;
   UnsignedDst ux = static_cast<UnsignedDst>(x);
   UnsignedDst uy = static_cast<UnsignedDst>(y);
   UnsignedDst uresult = static_cast<UnsignedDst>(ux - uy);
   *result = static_cast<T>(uresult);
   // Subtraction is valid if either x and y have same sign, or (x-y) and x have
   // the same sign.
   return (std::numeric_limits<T>::is_signed)
              ? HasSignBit(BinaryComplement(
                    static_cast<UnsignedDst>((uresult ^ ux) & (ux ^ uy))))
              : (x >= y);
 }
 
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedSub(T x, U y, V* result) {
+template <typename T, typename U, class Enable = void>
+struct CheckedSub {};
+
+template <typename T, typename U>
+struct CheckedSub<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type =
+      typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;
+  template <typename V>
+  static bool Op(T x, U y, V* result) {
 #if USE_OVERFLOW_BUILTINS
-  return !__builtin_sub_overflow(x, y, result);
+    return !__builtin_sub_overflow(x, y, result);
 #else
-  using Promotion =
-      typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
-  Promotion presult;
-  // Fail if either operand is out of range for the promoted type.
-  // TODO(jschuh): This could be made to work for a broader range of values.
-  bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
-                  IsValueInRangeForNumericType<Promotion>(y);
+    using Promotion =
+        typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
+    Promotion presult;
+    // Fail if either operand is out of range for the promoted type.
+    // TODO(jschuh): This could be made to work for a broader range of values.
+    bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
+                    IsValueInRangeForNumericType<Promotion>(y);
 
-  if (IsIntegerArithmeticSafe<Promotion, U, V>::value) {
-    presult = static_cast<Promotion>(x) - static_cast<Promotion>(y);
-  } else {
-    is_valid &= CheckedSubImpl(static_cast<Promotion>(x),
-                               static_cast<Promotion>(y), &presult);
+    if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+      presult = static_cast<Promotion>(x) - static_cast<Promotion>(y);
+    } else {
+      is_valid &= CheckedSubImpl(static_cast<Promotion>(x),
+                                 static_cast<Promotion>(y), &presult);
+    }
+    *result = static_cast<V>(presult);
+    return is_valid && IsValueInRangeForNumericType<V>(presult);
+#endif
   }
-  *result = static_cast<V>(presult);
-  return is_valid && IsValueInRangeForNumericType<V>(presult);
-#endif
-}
+};
 
 // Integer multiplication is a bit complicated. In the fast case we just
 // we just promote to a twice wider type, and range check the result. In the
 // slow case we need to manually check that the result won't be truncated by
 // checking with division against the appropriate bound.
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             sizeof(T) * 2 <= sizeof(uintmax_t),
                         bool>::type
 CheckedMulImpl(T x, T y, T* result) {
@@ skipping 36 matching lines @@
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             !std::numeric_limits<T>::is_signed &&
                             (sizeof(T) * 2 > sizeof(uintmax_t)),
                         bool>::type
 CheckedMulImpl(T x, T y, T* result) {
   *result = x * y;
   return (y == 0 || x <= std::numeric_limits<T>::max() / y);
 }
 
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedMul(T x, U y, V* result) {
+template <typename T, typename U, class Enable = void>
+struct CheckedMul {};
+
+template <typename T, typename U>
+struct CheckedMul<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type =
+      typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;
+  template <typename V>
+  static bool Op(T x, U y, V* result) {
 #if USE_OVERFLOW_BUILTINS
 #if defined(__clang__)
-  // TODO(jschuh): Get the Clang runtime library issues sorted out so we can
-  // support full-width, mixed-sign multiply builtins. https://crbug.com/613003
-  static const bool kUseMaxInt =
-      sizeof(__typeof__(x * y)) < sizeof(intptr_t) ||
-      (sizeof(__typeof__(x * y)) == sizeof(intptr_t) &&
-       std::is_signed<T>::value == std::is_signed<U>::value);
+    // TODO(jschuh): Get the Clang runtime library issues sorted out so we can
+    // support full-width, mixed-sign multiply builtins.
+    // https://crbug.com/613003
+    static const bool kUseMaxInt =
+        sizeof(__typeof__(x * y)) < sizeof(intptr_t) ||
+        (sizeof(__typeof__(x * y)) == sizeof(intptr_t) &&
+         std::is_signed<T>::value == std::is_signed<U>::value);
 #else
-  static const bool kUseMaxInt = true;
+    static const bool kUseMaxInt = true;
 #endif
-  if (kUseMaxInt)
-    return !__builtin_mul_overflow(x, y, result);
+    if (kUseMaxInt)
+      return !__builtin_mul_overflow(x, y, result);
 #endif
-  using Promotion =
-      typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
-  Promotion presult;
-  // Fail if either operand is out of range for the promoted type.
-  // TODO(jschuh): This could be made to work for a broader range of values.
-  bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
-                  IsValueInRangeForNumericType<Promotion>(y);
+    using Promotion =
+        typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
+    Promotion presult;
+    // Fail if either operand is out of range for the promoted type.
+    // TODO(jschuh): This could be made to work for a broader range of values.
+    bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
+                    IsValueInRangeForNumericType<Promotion>(y);
 
-  if (IsIntegerArithmeticSafe<Promotion, U, V>::value) {
-    presult = static_cast<Promotion>(x) * static_cast<Promotion>(y);
-  } else {
-    is_valid &= CheckedMulImpl(static_cast<Promotion>(x),
-                               static_cast<Promotion>(y), &presult);
+    if (IsIntegerArithmeticSafe<Promotion, T, U>::value) {
+      presult = static_cast<Promotion>(x) * static_cast<Promotion>(y);
+    } else {
+      is_valid &= CheckedMulImpl(static_cast<Promotion>(x),
+                                 static_cast<Promotion>(y), &presult);
+    }
+    *result = static_cast<V>(presult);
+    return is_valid && IsValueInRangeForNumericType<V>(presult);
   }
-  *result = static_cast<V>(presult);
-  return is_valid && IsValueInRangeForNumericType<V>(presult);
-}
+};
 
 // Avoid poluting the namespace once we're done with the macro.
 #undef USE_OVERFLOW_BUILTINS
 
 // Division just requires a check for a zero denominator or an invalid negation
 // on signed min/-1.
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer, bool>::type
 CheckedDivImpl(T x, T y, T* result) {
   if (y && (!std::numeric_limits<T>::is_signed ||
             x != std::numeric_limits<T>::min() || y != static_cast<T>(-1))) {
     *result = x / y;
     return true;
   }
   return false;
 }
 
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedDiv(T x, U y, V* result) {
-  using Promotion =
-      typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
-  Promotion presult;
-  // Fail if either operand is out of range for the promoted type.
-  // TODO(jschuh): This could be made to work for a broader range of values.
-  bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
-                  IsValueInRangeForNumericType<Promotion>(y);
-  is_valid &= CheckedDivImpl(static_cast<Promotion>(x),
-                             static_cast<Promotion>(y), &presult);
-  *result = static_cast<V>(presult);
-  return is_valid && IsValueInRangeForNumericType<V>(presult);
-}
+template <typename T, typename U, class Enable = void>
+struct CheckedDiv {};
+
+template <typename T, typename U>
+struct CheckedDiv<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type =
+      typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;
+  template <typename V>
+  static bool Op(T x, U y, V* result) {
+    using Promotion =
+        typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
+    Promotion presult;
+    // Fail if either operand is out of range for the promoted type.
+    // TODO(jschuh): This could be made to work for a broader range of values.
+    bool is_valid = IsValueInRangeForNumericType<Promotion>(x) &&
+                    IsValueInRangeForNumericType<Promotion>(y);
+    is_valid &= CheckedDivImpl(static_cast<Promotion>(x),
+                               static_cast<Promotion>(y), &presult);
+    *result = static_cast<V>(presult);
+    return is_valid && IsValueInRangeForNumericType<V>(presult);
+  }
+};
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             std::numeric_limits<T>::is_signed,
                         bool>::type
 CheckedModImpl(T x, T y, T* result) {
   if (y > 0) {
     *result = static_cast<T>(x % y);
     return true;
   }
   return false;
 }
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             !std::numeric_limits<T>::is_signed,
                         bool>::type
 CheckedModImpl(T x, T y, T* result) {
   if (y != 0) {
     *result = static_cast<T>(x % y);
     return true;
   }
   return false;
 }
 
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedMod(T x, U y, V* result) {
-  using Promotion =
-      typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
-  Promotion presult;
-  bool is_valid = CheckedModImpl(static_cast<Promotion>(x),
-                                 static_cast<Promotion>(y), &presult);
-  *result = static_cast<V>(presult);
-  return is_valid && IsValueInRangeForNumericType<V>(presult);
-}
+template <typename T, typename U, class Enable = void>
+struct CheckedMod {};
+
+template <typename T, typename U>
+struct CheckedMod<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type =
+      typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;
+  template <typename V>
+  static bool Op(T x, U y, V* result) {
+    using Promotion =
+        typename ArithmeticPromotion<BIG_ENOUGH_PROMOTION, T, U>::type;
+    Promotion presult;
+    bool is_valid = CheckedModImpl(static_cast<Promotion>(x),
+                                   static_cast<Promotion>(y), &presult);
+    *result = static_cast<V>(presult);
+    return is_valid && IsValueInRangeForNumericType<V>(presult);
+  }
+};
+
+template <typename T, typename U, class Enable = void>
+struct CheckedLeftShift {};
 
 // Left shift. Shifts less than 0 or greater than or equal to the number
 // of bits in the promoted type are undefined. Shifts of negative values
 // are undefined. Otherwise it is defined when the result fits.
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedLeftShift(T x, U shift, V* result) {
-  using ShiftType = typename UnsignedIntegerForSize<T>::type;
-  static const ShiftType kBitWidth = CHAR_BIT * sizeof(T);
-  const ShiftType real_shift = static_cast<ShiftType>(shift);
-  // Signed shift is not legal on negative values.
-  if (!IsNegative(x) && real_shift < kBitWidth) {
-    // Just use a multiplication because it's easy.
-    // TODO(jschuh): This could probably be made more efficient.
-    if (!std::is_signed<T>::value || real_shift != kBitWidth - 1)
-      return CheckedMul(x, static_cast<T>(1) << shift, result);
-    return !x;  // Special case zero for a full width signed shift.
+template <typename T, typename U>
+struct CheckedLeftShift<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type = T;
+  template <typename V>
+  static bool Op(T x, U shift, V* result) {
+    using ShiftType = typename UnsignedIntegerForSize<T>::type;
+    static const ShiftType kBitWidth = CHAR_BIT * sizeof(T);
+    const ShiftType real_shift = static_cast<ShiftType>(shift);
+    // Signed shift is not legal on negative values.
+    if (!IsValueNegative(x) && real_shift < kBitWidth) {

[Tom Sepez, 2016/11/21 17:19:52]

nit: while we're at it, these might read easier if we inverted the test and had
an early return? (several other places, too).

[jschuh, 2016/11/21 17:43:25]

I'm going to leave it for now, because when I looked at it before the early
return resulted in suboptimal code from one of the compilers. When I'm back in
the office I'll see if it mattered or not, and change if it doesn't.

+      // Just use a multiplication because it's easy.
+      // TODO(jschuh): This could probably be made more efficient.
+      if (!std::is_signed<T>::value || real_shift != kBitWidth - 1)
+        return CheckedMul<T, T>::Op(x, static_cast<T>(1) << shift, result);
+      return !x;  // Special case zero for a full width signed shift.
+    }
+    return false;
   }
-  return false;
-}
+};
+
+template <typename T, typename U, class Enable = void>
+struct CheckedRightShift {};
 
 // Right shift. Shifts less than 0 or greater than or equal to the number
 // of bits in the promoted type are undefined. Otherwise, it is always defined,
 // but a right shift of a negative value is implementation-dependent.
-template <typename T, typename U, typename V>
-typename std::enable_if<std::numeric_limits<T>::is_integer &&
-                            std::numeric_limits<U>::is_integer &&
-                            std::numeric_limits<V>::is_integer,
-                        bool>::type
-CheckedRightShift(T x, U shift, V* result) {
-  // Use the type conversion push negative values out of range.
-  using ShiftType = typename UnsignedIntegerForSize<T>::type;
-  if (static_cast<ShiftType>(shift) < (CHAR_BIT * sizeof(T))) {
-    T tmp = x >> shift;
-    *result = static_cast<V>(tmp);
-    return IsValueInRangeForNumericType<unsigned>(tmp);
+template <typename T, typename U>
+struct CheckedRightShift<
+    T,
+    U,
+    typename std::enable_if<std::numeric_limits<T>::is_integer &&
+                            std::numeric_limits<U>::is_integer>::type> {
+  using result_type = T;
+  template <typename V = result_type>
+  static bool Op(T x, U shift, V* result) {
+    // Use the type conversion push negative values out of range.
+    using ShiftType = typename UnsignedIntegerForSize<T>::type;
+    if (static_cast<ShiftType>(shift) < (CHAR_BIT * sizeof(T))) {
+      T tmp = x >> shift;
+      *result = static_cast<V>(tmp);
+      return IsValueInRangeForNumericType<V>(tmp);
+    }
+    return false;
   }
-  return false;
-}
+};
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             std::numeric_limits<T>::is_signed,
                         bool>::type
 CheckedNeg(T value, T* result) {
   // The negation of signed min is min, so catch that one.
   if (value != std::numeric_limits<T>::min()) {
     *result = static_cast<T>(-value);
     return true;
@@ skipping 48 matching lines @@
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_integer &&
                             !std::numeric_limits<T>::is_signed,
                         T>::type
 SafeUnsignedAbs(T value) {
   // T is unsigned, so |value| must already be positive.
   return static_cast<T>(value);
 }
 
-template <typename T>
-typename std::enable_if<std::numeric_limits<T>::is_iec559, T>::type CheckedNeg(
-    T value,
-    bool*) {
-  NOTREACHED();
-  return static_cast<T>(-value);
-}
+// This is just boilerplate that wraps the standard floating point arithmetic.

[Tom Sepez, 2016/11/21 17:19:52]

Maybe this belongs in the safe_math.h file along with the other macro creating
the checked##NAMEs?

[jschuh, 2016/11/21 17:43:25]

Nah, this is the file with all of the integer implementations of the same
template functions. Whereas safe_math.h has just the CheckedNumeric
implementation.

+// A macro isn't the nicest solution, but it beats rewriting these repeatedly.
+#define BASE_FLOAT_ARITHMETIC_OPS(NAME, OP)                                  \
+  template <typename T, typename U>                                          \
+  struct Checked##NAME<T, U, typename std::enable_if<                        \
+                                 std::numeric_limits<T>::is_iec559 ||        \
+                                 std::numeric_limits<U>::is_iec559>::type> { \
+    using result_type =                                                      \
+        typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;    \
+    template <typename V>                                                    \
+    static bool Op(T x, U y, V* result) {                                    \
+      using Promotion =                                                      \
+          typename ArithmeticPromotion<MAX_EXPONENT_PROMOTION, T, U>::type;  \
+      Promotion presult = x OP y;                                            \
+      *result = static_cast<V>(presult);                                     \
+      return IsValueInRangeForNumericType<V>(presult);                       \
+    }                                                                        \
+  };
 
-template <typename T>
-typename std::enable_if<std::numeric_limits<T>::is_iec559, T>::type CheckedAbs(
-    T value,
-    bool*) {
-  NOTREACHED();
-  return static_cast<T>(std::abs(value));
-}
+BASE_FLOAT_ARITHMETIC_OPS(Add, +)
+BASE_FLOAT_ARITHMETIC_OPS(Sub, -)
+BASE_FLOAT_ARITHMETIC_OPS(Mul, *)
+BASE_FLOAT_ARITHMETIC_OPS(Div, /)
 
-// These are the floating point stubs that the compiler needs to see.
-#define BASE_FLOAT_ARITHMETIC_STUBS(NAME)                          \
-  template <typename T, typename U, typename V>                    \
-  typename std::enable_if<std::numeric_limits<T>::is_iec559 ||     \
-                              std::numeric_limits<U>::is_iec559 || \
-                              std::numeric_limits<V>::is_iec559,   \
-                          bool>::type Checked##NAME(T, U, V*) {    \
-    NOTREACHED();                                                  \
-    return static_cast<T>(false);                                  \
-  }
-
-BASE_FLOAT_ARITHMETIC_STUBS(Add)
-BASE_FLOAT_ARITHMETIC_STUBS(Sub)
-BASE_FLOAT_ARITHMETIC_STUBS(Mul)
-BASE_FLOAT_ARITHMETIC_STUBS(Div)
-BASE_FLOAT_ARITHMETIC_STUBS(Mod)
-
-#undef BASE_FLOAT_ARITHMETIC_STUBS
+#undef BASE_FLOAT_ARITHMETIC_OPS
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_iec559, bool>::type
 CheckedNeg(T value, T* result) {
   *result = static_cast<T>(-value);
   return true;
 }
 
 template <typename T>
 typename std::enable_if<std::numeric_limits<T>::is_iec559, bool>::type
@@ skipping 99 matching lines @@
       : value_(static_cast<T>(rhs.value())) {}
 
   bool is_valid() const { return std::isfinite(value_); }
   T value() const { return value_; }
 };
 
 }  // namespace internal
 }  // namespace base
 
 #endif  // BASE_NUMERICS_SAFE_MATH_IMPL_H_